RE: deaft-gree-sedsh-ecc-08: small correction
"Igoe, Kevin M." <kmigoe@nsa.gov> Fri, 13 August 2010 15:52 UTC
From: "Igoe, Kevin M." <kmigoe@nsa.gov>
To: "Igoe, Kevin M." <kmigoe@nsa.gov>, Damien Miller <djm@mindrot.org>, Douglas Stebila <douglas@stebila.ca>
Cc: ietf-ssh@NetBSD.org

Oops, mea culpa. I see you are referring to draft-green-secsh-ecc-08, now known as RFC 5656. My responses were in reference to draft-igoe-secsh-x509v3-05.

Given it has already been published as an RFC, the inclusion of MQV in Suite B is an historical artifact that reflects the early genesis of Suite B, and as such can stand.

The point at infinity is a worthy observation perhaps best addressed by an errata? I'm not terribly familiar with the IESG errata process.

> -----Original Message-----
> From: ietf-ssh-owner@NetBSD.org [mailto:ietf-ssh-owner@NetBSD.org] On Behalf Of Igoe, Kevin M.
> Sent: Friday, August 13, 2010 9:06 AM
> To: Damien Miller; Douglas Stebila
> Cc: ietf-ssh@NetBSD.org
> Subject: RE: deaft-gree-sedsh-ecc-08: small correction
>
> You are correct, MQV was thrown out of Suite B some time ago
> and we should rephrase this statement to reflect that. I
> view leaving MQV in this draft as harmless. Yes, currently
> there are Intellectual Property issues involving MQV, but that
> may well change in the future.
>
> As to checking for the point at infinity in ECDH, I'd
> rather have that issue addressed in a document that is
> clearly directed at ECDH rather than having it hidden
> in a document that only peripherally touches ECDH.
> I'll be putting out a "Suite B for Secure Shell" document
> in the near future and plan to cover such issues in there.
>
> > -----Original Message-----
> > From: ietf-ssh-owner@NetBSD.org [mailto:ietf-ssh-owner@NetBSD.org] On Behalf Of Damien Miller
> > Sent: Friday, August 13, 2010 1:30 AM
> > To: Igoe, Kevin M.; Douglas Stebila
> > Cc: ietf-ssh@NetBSD.org
> > Subject: Re: deaft-gree-sedsh-ecc-08: small correction
> >
> > On Tue, 16 Jun 2009, Igoe, Kevin M. wrote:
> >
> > > In the Introduction to draft-green-secsh-ecc-08 we find
> > >
> > >    In the interest of adding Suite B algorithms to SSH this document
> > >    adds three ECC Suite B algorithms to the Secure Shell arsenal:
> > >    Elliptic Curve Menezes-Qu-Vanstone (ECMQV), Elliptic Curve
> > >    Diffie-Hellman (ECDH), and Elliptic Curve Digital Signature Algorithm
> > >    (ECDSA), as well as utilizing the SHA2 family of secure hash
> > >    algorithms.
> > >
> > > Slight error here: ECMQV is no longer part of Suite B. For sake of
> > > correctness, I'd suggest something like the following:
> > >
> > >    In the interest of adding Suite B algorithms to SSH this document
> > >    adds two ECC Suite B algorithms to the Secure Shell arsenal:
> > >    Elliptic Curve Diffie-Hellman (ECDH), and Elliptic Curve Digital
> > >    Signature Algorithm (ECDSA), as well as utilizing the SHA2 family
> > >    of secure hash algorithms. Additionally, support is provided for
> > >    Elliptic Curve Menezes-Qu-Vanstone (ECMQV).
> >
> > Why not drop ECMQV from the draft entirely? AFAIK it is patented,
> > which is enough to stop us (OpenSSH) from implementing it. I think
> > new KEX methods need a very good justification, since they represent
> > a significant part of the pre-auth attack surface.
> >
> > Also on the -08 draft, shouldn't the client and server in ECDH reject
> > public keys from the peer that are points at infinity? Are there
> > other degenerate values to worry about?
> >
> > -d
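
The peer-key check raised in the thread, as an added example that is not part of the message or of any implementation it mentions. It goes beyond the point at infinity to the other usual public-key validation steps for a prime-order curve (coordinate range and curve membership), and assumes NIST P-256 with SEC 1 uncompressed point encoding; the function names and test inputs are constructed for illustration.

```python
# Added example: validate a peer's ECDH public key on NIST P-256 before
# using it in a key exchange. Helper names are hypothetical.

# NIST P-256 domain parameters (y^2 = x^3 + A*x + B over GF(P)).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32


class InvalidPublicKey(ValueError):
    """Raised when a received public key must not be used."""


def validate_peer_key(octets):
    """Parse an uncompressed point and reject degenerate values."""
    # SEC 1 encodes the point at infinity as the single octet 0x00.
    if octets == b"\x00":
        raise InvalidPublicKey("point at infinity")
    if len(octets) != 1 + 2 * COORD_LEN or octets[0] != 0x04:
        raise InvalidPublicKey("not an uncompressed P-256 point")
    x = int.from_bytes(octets[1:1 + COORD_LEN], "big")
    y = int.from_bytes(octets[1 + COORD_LEN:], "big")
    # Coordinates must be reduced field elements.
    if x >= P or y >= P:
        raise InvalidPublicKey("coordinate out of range")
    # The point must satisfy the curve equation; an off-curve point would
    # make the scalar multiplication run on a different, possibly weak curve.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPublicKey("point is not on the curve")
    # P-256 has cofactor 1, so every on-curve point other than infinity
    # has full order and no separate subgroup check is needed.
    return x, y


def encode_point(x, y):
    """Build an uncompressed encoding (used here for constructed inputs)."""
    return b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


def is_accepted(octets):
    try:
        validate_peer_key(octets)
        return True
    except InvalidPublicKey:
        return False
```
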